We go through our daily lives in bliss without the possible consequences of our excessive use of social media catching up with us; however, former Australian Prime Minister Tony Abbott had to learn how trackable his posts on social media can be from the hard way.
Following a Qantas flight from Tokyo to Sydney in late March, Abbott posted a photo of his boarding pass on Instagram with a caption thanking the crew for the flight. What he didn't know though was the fact that a hacker had managed to use his photo to gain access to his personal data including his passport and mobile number -- just 45 minutes later.
The incident was revealed on Wednesday by hacker Alex Hope, who wrote a lengthy post on his blog to describe how used the photo of the boarding pass to reveal a security flaw in the website of the country's national airline carrier, Qantas, as first reported by Gizmodo.
Hacking the former prime minister in 45 minutes
It turned out that it all started with a dare. Some time ago, he was talking back-and-forth about the dangers of posting your boarding pass online with a friend of his, and it was that friend who sent him Abbott's photo and dared him to hack the former prime minister.
Hope wrote that he was able to use the reference number on the boarding pass to log in to Abbott's online booking page with Qantas. Moreover, when he inspected the page's HTML code, which is really easy to access from any browser, he was able to obtain Abbott's passport number, phone number, and some staff comments about Abbott's trip regarding his requests for seats and a fast track.
Abbott contacted him personally to ask for a book recommendation
Hope wrote, "Anyone who saw that Instagram post could also have them. I felt like I had to like, tell someone about this. Someone with like, responsibilities. Someone with an email signature." After that, it was a matter of contacting the airline and the former prime minister.
He contacted Qantas' cybersecurity team and the airline fixed the issue in July. Contacting Abbott took him a lot of time, but when he finally managed, his staff told him that they were made aware of the issue and was working on a solution. Moreover, he also got a call from the former prime minister himself who wanted to get recommendations for "a book about the basics of IT".
The incident comes as a reminder to be careful about the things we post to social media. People tend to post their boarding passes a lot; however, as Abbott's example has shown, they are meant to be hidden. Hope wrote, "The point of this story isn’t to say ‘wow Tony Abbott got hacked, what a dummy’. The point is that if someone famous can unknowingly post their boarding pass, anyone can."